We have a few different anti-virus software products here in our office waiting to be reviewed. All of them, except the product covered in this review, are intended for Windows users. As I personally checked some anti-virus solutions for my Linux desktop computer, let's start the HNS anti-virus review bonanza with Sophos' take on protecting Linux users. As a standard disclaimer, we didn't do rigorous testing of this product; we just reviewed its functionality, focusing on installation, configuration and usage.

Sophos Anti-Virus for Unix comes in a couple of flavors. There are supported versions for several operating systems, including AIX, Digital Unix, FreeBSD, HP-UX, Linux, SCO Open Server, SCO Unixware and Solaris. The test system for this installation is Red Hat Linux 7.2. For Linux there are two different packages:

- Linux on Alpha
- Linux on Intel using libc5
- Linux on Intel using libc6

Most newly released versions of popular Linux distributions ship with libc6, but if you need to double-check which C library your system has, run a quick 'ls /lib/libc.so.*'. The file names will show whether you have libc5 or libc6.

Pre-Installation

The first step is to move the appropriate package from Sophos' CD-ROM into your /tmp directory. The file used for this test is linux.intel.libc6.tar. Unpacking the archive shouldn't be a problem:

Before installation you must decide whether you would like to install an InterCheck Server. If you need InterCheck, it is advisable to create a new user and group first (Sophos suggests sweep:sweep), because when the InterCheck Server runs it attempts to change its user and group IDs so that it runs as user and group sweep. In this review we look at Sophos Anti-Virus for Unix as a standalone Linux desktop anti-virus solution, not in combination with Windows 95/98/Me clients. Information on that kind of setup can be found in the "Unix with Windows 95/98/Me clients" manual on Sophos' documentation pages, linked in the references section.

Executing the install.sh script in the sav-install directory starts the installation. Optionally, ./install.sh -h shows the options, which let you choose the directories into which Sophos Anti-Virus is installed. The options and their defaults are:

- -i [dir] InterCheck directory (defaults to /var/spool/intercheck or the ROOTDIRECTORY given in /etc/icheckd.conf, if that exists)
- -ni Do not install InterCheck
- -ssi Stop & start InterCheck server after installation
- -nssi Do not stop & start InterCheck (default)
- -idc Install InterCheck for diskless clients
- -nidc Do not install InterCheck for diskless clients (default)
- -rm Remove old libraries and virus data files (default)
- -nrm Do not remove old libraries and virus data files

Actual installation

OK, now that we have seen all the options and decided where to place the Sophos Anti-Virus files, we can start the actual installation.

Very quickly we encounter the first error: the install script cannot find ldconfig. According to its man page, ldconfig configures dynamic linker run-time bindings. On this system the path to ldconfig is /sbin/ldconfig, which the script does not find on its PATH, so the easy solution is to create a link to ldconfig in the /usr/bin directory. This can be easily done with:

[root@localhost bin]# ln -s /sbin/ldconfig ldconfig

With ldconfig available in the path, executing the install.sh script returns to the command prompt without complaint, which means the installation succeeded.

According to the Sophos documentation, another option is supported: "SAV temp directory". Its value is the path of the directory into which archives are temporarily extracted so that Sophos Anti-Virus can scan their contents. So a second line gets added to the sav.conf file:

SAV temp directory = /tmp/sophos

Configuration is done - you can now use Sophos Anti-Virus on your Linux machine.
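To tie the pre-installation and configuration steps above together, here is a small POSIX shell pre-flight script written for this review (it is not Sophos' code): it picks the package flavour from the libc listing, checks whether install.sh will find ldconfig, creates the sweep account for InterCheck, creates the temp directory with tight permissions, and adds the SAV temp directory line once. The sav.conf path is an assumption; the other values are the ones used in the steps above.

```shell
#!/bin/sh
# Pre-flight helper for Sophos Anti-Virus for Unix on a Red Hat 7.2-era host.
# Written for this review, not part of Sophos' installer; it prepares what
# sav-install/install.sh expects. SAV_CONF is an assumed location for sav.conf.
SAV_CONF="${SAV_CONF:-/usr/local/sav/sav.conf}"   # assumption; set to your sav.conf
SAV_TMP="${SAV_TMP:-/tmp/sophos}"
# Map the output of `ls /lib/libc.so.*` to the package flavour to unpack. The listing
# is an argument so it is testable anywhere; libc6 wins when a compat libc5 is present.
libc_flavor() {
    case "$1" in
        *libc.so.6*) echo libc6 ;;
        *libc.so.5*) echo libc5 ;;
        *)           echo unknown ;;
    esac
}
# install.sh calls ldconfig by bare name, but on this system it lives in /sbin.
# Given a PATH value, print the command that fixes that (the symlink used in the review).
ldconfig_fix() {
    if ( PATH="$1"; command -v ldconfig >/dev/null 2>&1 ); then
        echo "ldconfig already on PATH"
    else
        echo "ln -s /sbin/ldconfig /usr/bin/ldconfig"
    fi
}
# The extraction directory lives under world-writable /tmp, so create it up front,
# root-owned and private, rather than letting it appear later with loose modes.
prepare_tmpdir() {
    mkdir -p "$1" && chmod 0700 "$1"
}
# Add the "SAV temp directory" line to sav.conf exactly once, so re-runs are harmless.
add_tmpdir_setting() {
    touch "$1"
    if grep -q '^SAV temp directory' "$1"; then
        echo "SAV temp directory already set in $1"
    else
        printf 'SAV temp directory = %s\n' "$2" >> "$1"
    fi
}
main() {
    echo "package flavour: $(libc_flavor "$(ls /lib/libc.so.* 2>/dev/null)")"
    ldconfig_fix "$PATH"
    # The InterCheck Server switches to sweep:sweep at start-up, so the account must exist.
    id sweep >/dev/null 2>&1 || { groupadd sweep && useradd -g sweep -d /var/spool/intercheck -s /bin/false sweep; }
    prepare_tmpdir "$SAV_TMP"
    add_tmpdir_setting "$SAV_CONF" "$SAV_TMP"
}
# Only act when asked explicitly (run as root): sh preflight.sh apply
if [ "${1:-}" = "apply" ]; then main; fi
```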

Updating virus identities

Before we start using our freshly installed Sophos Anti-Virus for Unix, downloading the latest virus signatures would be a good step.

The Sophos web site, which is neatly categorized, has a download area for all the latest virus identities (IDE files), which can be downloaded in two ways:

- separate IDE files for the latest added viruses
- all the latest IDE files zipped in one archive

The IDE archives on the Sophos web site are also categorized by Sophos Anti-Virus build. The version we played with is titled 3.57 May 2002, so we need to download a few zipped archives to bring it up to the state of the current 3.60 August 2002 version. The downloaded files go into the /usr/local/sav/ directory. (Take a look at Figure 2)

Practical usage

Using Sophos Anti-Virus is simple, and both the built-in help (--help) and the man page (man sweep) give you all the information you need. In this test case we scan the /tmp/savitest directory and the archives in it. This is the usual Sophos Anti-Virus for Unix output:
